Risk Management Must Be Priority For All Banks, Not Just The Biggest

Despite the financial and operational challenges of regulatory compliance, investments in modern risk management capabilities must be viewed as an opportunity — not a burden — for all banks, regardless of size.

We hear often about the digital divide -- the gap between those who have access to state-of-the-art information technologies and those who do not, and the economic and social limitations that such a gap imposes on the have-nots. There are similar divides in banking -- institutions that have tons of resources and big budgets and those that must make do with significantly less. It's not just big bank/small bank --these divides can be created by management priorities and shaped by corporate cultures.

Risk management and compliance with risk management-related regulations is another area in which we see divides. It's not just about which kinds of banks must comply with capital adequacy and stress testing directives -- the topic of the cover story in this Bank Systems & Technology issue about enterprise risk management. It's also about attitudes and vision. The management at some banks resists any changes or new regulations, no matter the context or history behind them. They are viewed as unfair and costly burdens to be challenged.

There's no question that regulatory compliance, particularly as it involves risk management, is costly and difficult. The most recent Banking Compliance Index (BCI), a quarterly index compiled and analyzed by vendor Continuity Control that measures the regulatory burden on financial institutions, highlights the potential financial impact of increased regulation on community banks. The index found what it calls a "staggering" 117% growth in regulatory burden in the past 12 months. The average institution, according to the BCI, had to commit 2.3 full-time employee equivalents to manage this burden. The index reports the time it takes to comply has increased more than 50% in the past year.

That's terrible ... but so are the implications of ignoring the increased complexity of risk. And it's irresponsible to avoid investments in the kinds of technologies -- such as analytics, dashboards, modeling capabilities and high-performance computing -- that are the basis of effective risk management (and, as a corollary, compliance with much of the new banking regulation). Skimping on such technology also ignores the potential to leverage those investments for insights into performance, products and customers. Again, it's more about priorities than budgets. Analytics and data management no longer are things that only big banks can afford. At the same time, I'm sure there are community banks that value risk management prowess more than some big banks do.

Risk management is perhaps not the sexiest area of banking right now, compared with digital engagement or mobile transactions, but we all know that without the practice of risk management at its highest level the industry cannot survive. Banks should be united on that.

Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ... View Full Bio

re: Risk Management Must Be Priority For All Banks, Not Just The Biggest

Given the headlines around DDoS attacks banks have to take a more cooperative attitude towards compliance and data sharing when it comes to risk. I think eventually the attitude that compliance is such a burden is going to fall away as more attacks probably take place in the future.

re: Risk Management Must Be Priority For All Banks, Not Just The Biggest

Agreed Kathy. Risk management and compliance are important considerations for all banks. But, it is also a matter of culture. Does the bank's management really believe in it or is it something that is paid lip service to, because of regulators and auditors looking over their shoulders?